专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明授权

US08839345B2 Method for discovering a security policy 有权
标题翻译：发现安全策略的方法
公开(公告)号：US08839345B2
公开(公告)日：2014-09-16
申请号：US12049629
申请日：2008-03-17
申请人： John L. Griffin , Dimitrios Pendarakis , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： John L. Griffin , Dimitrios Pendarakis , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： H04L21/00 , H04L29/06 , H04L29/08 , G06F21/62 , H04W12/08
CPC分类号： G06F21/629 , G06F21/53 , G06F21/55 , G06F21/552 , G06F21/577 , G06F21/604 , H04L63/102 , H04L63/1408 , H04L63/20 , H04L67/00 , H04L67/10 , H04W12/08
摘要： Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.
摘要翻译：提供了用于将至少一个物理系统和至少一个虚拟系统映射到至少两个单独的执行环境中的技术。所述技术包括在包括至少一个物理系统和至少一个虚拟系统的环境中发现隐含强制执行的安全策略，使用所发现的策略来创建可强制执行的隔离策略，以及使用所述隔离策略来映射所述至少一个物理系统和至少一个虚拟系统进入至少两个独立的执行环境。还提供了用于生成一个或多个隔离策略的数据库的技术。

2. 发明申请

US20090235324A1 METHOD FOR DISCOVERING A SECURITY POLICY 有权
标题翻译：发现安全政策的方法
公开(公告)号：US20090235324A1
公开(公告)日：2009-09-17
申请号：US12049629
申请日：2008-03-17
申请人： John L. Griffin , Dimitrios Pendarakis , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： John L. Griffin , Dimitrios Pendarakis , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： G06F17/00
CPC分类号： G06F21/629 , G06F21/53 , G06F21/55 , G06F21/552 , G06F21/577 , G06F21/604 , H04L63/102 , H04L63/1408 , H04L63/20 , H04L67/00 , H04L67/10 , H04W12/08
摘要： Techniques for mapping at least one physical system and at least one virtual system into at least two separate execution environments are provided. The techniques include discovering an implicitly enforced security policy in an environment comprising at least one physical system and at least one virtual system, using the discovered policy to create an enforceable isolation policy, and using the isolation policy to map the at least one physical system and at least one virtual system into at least two separate execution environments. Techniques are also provided for generating a database of one or more isolation policies.
摘要翻译：提供了用于将至少一个物理系统和至少一个虚拟系统映射到至少两个单独的执行环境中的技术。所述技术包括在包括至少一个物理系统和至少一个虚拟系统的环境中发现隐含强制执行的安全策略，使用所发现的策略来创建可强制执行的隔离策略，以及使用所述隔离策略来映射所述至少一个物理系统和至少一个虚拟系统进入至少两个独立的执行环境。还提供了用于生成一个或多个隔离策略的数据库的技术。

3. 发明授权

US09298922B2 Method, system, and program product for remotely attesting to a state of a computer system 有权
标题翻译：方法，系统和程序产品，用于远程证明计算机系统的状态
公开(公告)号：US09298922B2
公开(公告)日：2016-03-29
申请号：US12170504
申请日：2008-07-10
申请人： Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： G06F21/57 , H04L9/32 , H04L29/06
CPC分类号： G06F21/57 , H04L9/3271 , H04L63/0428 , H04L63/06 , H04L63/0823 , H04L63/0853 , H04L63/1433 , H04L63/164 , H04L63/166 , H04L2209/127
摘要： A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications.
摘要翻译：提供了一种用于远程验证计算系统状态的方法，系统和程序产品。具体地，本发明允许远程系统建立对计算机系统的属性的信任。要被信任的属性从通常的系统软件层和相关的配置文件扩展到新的类型的数据，例如计算机系统特有的静态数据，在系统启动时确定的动态数据，或者作为计算机系统运行应用程序创建的动态数据。

4. 发明授权

US07856653B2 Method and apparatus to protect policy state information during the life-time of virtual machines 有权
标题翻译：在虚拟机的使用寿命期间保护策略状态信息的方法和装置
公开(公告)号：US07856653B2
公开(公告)日：2010-12-21
申请号：US11392349
申请日：2006-03-29
申请人： Stefan Berger , Trent Ray Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： Stefan Berger , Trent Ray Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： G06F17/00
CPC分类号： H04L63/102 , H04L63/12
摘要： A scheme for protecting policy state information during the lifetime of a virtual machine is presented. In order to protect and preserve the policy state information of the virtual machine, a process creates a source policy, a mapping policy, and a binary policy. These policies are all different representations of a security policy. The different policy representations are chained together via cryptographic hashes.
摘要翻译：提出了一种在虚拟机生命周期内保护策略状态信息的方案。为了保护和保存虚拟机的策略状态信息，进程创建源策略，映射策略和二进制策略。这些策略都是安全策略的不同表示形式。不同的策略表示通过加密散列链接在一起。

5. 发明申请

US20080270603A1 METHOD, SYSTEM, AND PROGRAM PRODUCT FOR REMOTELY ATTESTING TO A STATE OF A COMPUTER SYSTEM 审中-公开
标题翻译：方法，系统和程序产品，用于远程执行计算机系统状态
公开(公告)号：US20080270603A1
公开(公告)日：2008-10-30
申请号：US12170504
申请日：2008-07-10
申请人： Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： G06F15/16 , G06F21/00
CPC分类号： G06F21/57 , H04L9/3271 , H04L63/0428 , H04L63/06 , H04L63/0823 , H04L63/0853 , H04L63/1433 , H04L63/164 , H04L63/166 , H04L2209/127
摘要： A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications.
摘要翻译：提供了一种用于远程验证计算系统状态的方法，系统和程序产品。具体地，本发明允许远程系统建立对计算机系统的属性的信任。要被信任的属性从通常的系统软件层和相关的配置文件扩展到新的类型的数据，例如计算机系统特有的静态数据，在系统启动时确定的动态数据，或者作为计算机系统运行应用程序创建的动态数据。

6. 发明申请

US20080046752A1 METHOD, SYSTEM, AND PROGRAM PRODUCT FOR REMOTELY ATTESTING TO A STATE OF A COMPUTER SYSTEM 审中-公开
公开(公告)号：US20080046752A1
公开(公告)日：2008-02-21
申请号：US11463563
申请日：2006-08-09
申请人： Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： Stefan Berger , Kenneth Goldman , Trenton R. Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： H04K1/00
CPC分类号： G06F21/57 , H04L9/3271 , H04L63/0428 , H04L63/06 , H04L63/0823 , H04L63/0853 , H04L63/1433 , H04L63/164 , H04L63/166 , H04L2209/127
摘要： A method, system, and program product for remotely attesting to a state of computing system is provided. Specifically, the present invention allows a remote system to establish trust in the properties of the computer system. The properties to be trusted are expanded from the usual system software layers and related configuration files to novel types of data such as static data specific to the computer system, dynamic data determined at system startup, or dynamic data created as the computer system runs applications.

7. 发明申请

US20070239979A1 Method and apparatus to protect policy state information during the life-time of virtual machines 有权
标题翻译：在虚拟机的使用寿命期间保护策略状态信息的方法和装置
公开(公告)号：US20070239979A1
公开(公告)日：2007-10-11
申请号：US11392349
申请日：2006-03-29
申请人： Stefan Berger , Trent Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
发明人： Stefan Berger , Trent Jaeger , Ronald Perez , Reiner Sailer , Enriquillo Valdez
IPC分类号： G06F15/173
CPC分类号： H04L63/102 , H04L63/12
摘要： A scheme for protecting policy state information during the lifetime of a virtual machine is presented. In order to protect and preserve the policy state information of the virtual machine, a process creates a source policy, a mapping policy, and a binary policy. These polices are all different representations of a security policy. The different policy representations are chained together via cryptographic hashes.
摘要翻译：提出了一种在虚拟机生命周期内保护策略状态信息的方案。为了保护和保存虚拟机的策略状态信息，进程创建源策略，映射策略和二进制策略。这些政策都是安全策略的不同表征。不同的策略表示通过加密散列链接在一起。

8. 发明申请

US20110258610A1 OPTIMIZING PERFORMANCE OF INTEGRITY MONITORING 有权
标题翻译：优化性能监测
公开(公告)号：US20110258610A1
公开(公告)日：2011-10-20
申请号：US12761952
申请日：2010-04-16
申请人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
发明人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
IPC分类号： G06F11/30 , G06F9/44
CPC分类号： G06F21/566 , G06F21/554 , G06F21/563
摘要： A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements, and determines if invariants that have been previously computed hold true or not under the set of retrieved data values.
摘要翻译：一种用于验证计算设备上正在运行的应用程序的完整性的系统，方法和计算机程序产品。该方法包括：将入口点确定为影响适当执行影响程序完整性的应用程序处理空间; 将从所确定的入口点到达的数据元素映射到要验证的应用正在运行的主机系统的存储器空间中; 在存储器空间中的运行时监视，以潜在地破坏程序完整性的方式潜在地修改数据元素; 并启动对潜在修改的响应。运行时监视检测数据事务（例如写入事件）何时到达恶意代理的入口点，触发对应的存储器钩子，并将控制传递到在被监视系统外部运行的安全代理。该代理请求数据元素的值，并确定先前计算的不变量是否在检索的数据值集合下保持为真。

9. 发明授权

US08949797B2 Optimizing performance of integrity monitoring 有权
标题翻译：优化完整性监控的性能
公开(公告)号：US08949797B2
公开(公告)日：2015-02-03
申请号：US12761952
申请日：2010-04-16
申请人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
发明人： Najwa Aaraj , Mihai Christodorescu , Dimitrios Pendarakis , Reiner Sailer , Douglas L. Schales
IPC分类号： G06F9/44 , G06F9/45 , G06F21/56 , G06F21/55
CPC分类号： G06F21/566 , G06F21/554 , G06F21/563
摘要： A system, method and computer program product for verifying integrity of a running application program on a computing device. The method comprises: determining entry points into an application programs processing space that impact proper execution impact program integrity; mapping data elements reachable from the determined entry points into a memory space of a host system where the application to verify is running; run-time monitoring, in the memory space, potential modification of the data elements in a manner potentially breaching program integrity; and initiating a response to the potential modification. The run-time monitoring detects when a data transaction, e.g., a write event, reaches a malicious agent's entry point, a corresponding memory hook is triggered and control is passed to a security agent running outside the monitored system. This agent requests the values of the data elements, and determines if invariants that have been previously computed hold true or not under the set of retrieved data values.
摘要翻译：一种用于验证计算设备上正在运行的应用程序的完整性的系统，方法和计算机程序产品。该方法包括：将入口点确定为影响适当执行影响程序完整性的应用程序处理空间; 将从所确定的入口点到达的数据元素映射到要验证的应用正在运行的主机系统的存储器空间中; 在存储器空间中的运行时监视，以潜在地破坏程序完整性的方式潜在地修改数据元素; 并启动对潜在修改的响应。运行时监视检测数据事务（例如写入事件）何时到达恶意代理的入口点，触发对应的存储器钩子，并将控制传递到在被监视系统外部运行的安全代理。该代理请求数据元素的值，并确定先前计算的不变量是否在检索的数据值集合之前成立。

10. 发明授权

US08549288B2 Dynamic creation and hierarchical organization of trusted platform modules 有权
标题翻译：可信平台模块的动态创建和层次化组织
公开(公告)号：US08549288B2
公开(公告)日：2013-10-01
申请号：US12128952
申请日：2008-05-29
申请人： Steven A. Bade , Stefan Berger , Kenneth Alan Goldman , Ronald Perez , Reiner Sailer , Leendert Peter Van Doorn
发明人： Steven A. Bade , Stefan Berger , Kenneth Alan Goldman , Ronald Perez , Reiner Sailer , Leendert Peter Van Doorn
IPC分类号： H04L29/06
CPC分类号： G06F21/57
摘要： A trusted platform module is presented that is capable of creating, dynamically, multiple virtual trusted platform modules in a hierarchical organization. A trusted platform module domain is created. The trusted platform module creates virtual trusted platform modules, as needed, in the trusted platform module domain. The virtual trusted platform modules can inherit the permissions of a parent trusted platform module to have the ability to create virtual trusted platform modules themselves. Each virtual trusted platform module is associated with a specific partition. Each partition is associated with an individual operating system. The hierarchy of created operating systems and their privilege of spawning new operating systems is reflected in the hierarchy of trusted platform modules and the privileges each of the trusted platform modules has.
摘要翻译：提出了一种可信任的平台模块，能够在层次结构中动态创建多个虚拟可信平台模块。创建可信平台模块域。可信平台模块根据需要在可信平台模块域中创建虚拟可信平台模块。虚拟可信平台模块可以继承父信任平台模块的权限，以便能够自己创建虚拟可信平台模块。每个虚拟可信平台模块与特定分区关联。每个分区与单个操作系统相关联。创建的操作系统的层次结构及其产生新操作系统的特权体现在可信平台模块的层次结构和每个可信平台模块所具有的特权上。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式